Solved

Random Posword not Updating in Database

Posted on 2004-04-28
7
347 Views
Last Modified: 2008-02-01
Hi there,

The scripts below, remember_me.php and function.inc.php are supposed to generate a random password and update corresponding field in the database.

Once prompted, they generate the random password and sends them to the user's email.  But the generated password is not updated in the database and so the user cannot login.

Can someone help me where I'm going wrong.

remember_me.php Script
===================
<?php
//brians code start here
include "functions.inc.php";
include "error_messages.inc.php";
//action=add means usr pressd the submit button
if ($action =="email")
{
 $error_found=false;
 $error="";
 //start validating the user input
 if($email=="")
 {
  $error_found=true;
  $error.=ERR_EMAIL_BLANK;
 }

if(!$error_found)
{
      {
            //{
            $host="mysql.xcalibre.co.uk";
            $uname="xxxxxx";
            $pass="xxx";
            $database="xxxxx";
            $tablename="g_workers";

            $connect= mysql_connect($host,$uname,$pass) or die("Could not connect you to Bizafrican Database! <br>");

            $selectdb=mysql_select_db($database) or die("Could not select the Bizafrican Database for you");

            $mingle   = "decode(password, '".$password."')";  
            $sqlquery = ("select email,username, " .$mingle. " as password from g_workers where email ='".$email ."' ");
            $queryresult = mysql_query($sqlquery,$connect)or die("could not execute the query.");
            if ($row = mysql_fetch_array($queryresult))
            {
            $email =  $row["email"];
            $from     = "dba@guardwise.com";
            $subject  =  "Guardwise.com - Important message for you";
            $message  =  "Your username is:  ". $row["username"]."\n".
                               "Your password is:  ". new_password($row["username"])."\n";//edited here              
            $message   .=  "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.\n
 DBA/Support";
             
            mail($email,$subject,$message,"From: sssssssss.com <dba@ssssssssss.com>");
            Header("Location: http://www.sssssss.com/remember_done.htm");
            exit;
            }
            else
            {

              $error_found=true;
              $error.=ERR_EMAIL_NONE;
            }
      }
}
}
?>
==========================
Functions Script
==========
<?
//this function generate the select box for the selected external file
function makeCombo($optname,$optfile,$optsel,$optex,$optremove='-1000'){ //returns string containing select tag
if(!is_array($optremove)) $optremove=explode(",",$optremove);
$combo="<select name='$optname' $optex>";
include $optfile;

foreach($manutmp as $key => $value){

      $tosel="";
      if($optsel==$key){
      $tosel="selected";
      }
            
      if(in_array($key,$optremove) == false)$combo.="<option value='$key' $tosel>$value\n";
      
      }
$combo.="</select>";
return $combo;
}

//this will return the select value from the select box
function getComboValue($optfile,$optkey){
include $optfile;
return $manutmp[$optkey];
}

//encrypt the password
function encrypt_password($input)
{
 return md5($input);
}

//generate the random password
function new_password ($userid,$length=10) {
      // if you want extended ascii, then add the characters to the array
      $characters = array('a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','A','B','C','D','E','F','G','H','I','J','K','L','M','N','O','P','Q','R','S','T','U','V','W','X','Y','Z','0','1','2','3','4','5','6','7','8','9');
      $random_str = "";
      for ($i = 0; $i <= $length; $i++) {
            srand((double)microtime()*1000000);
            $random_chr = round(rand(0, count($characters)-1));
            $random_str .= $characters[$random_chr];
      }
      
      //update the password for the user into  databae
      //update table pasword = encrypt_password($random_str)
       $db_name = "afrika";
$table_name = "biznames";
$connection = @mysql_connect("mysql.xcalibre.co.uk", "bbbbbb", "bbbbb") or die("Couldn't connect.");
        $db = @mysql_select_db($db_name, $connection) or die("Couldn't select database.");
       $sql = "UPDATE $table_name  
              SET  
              password = '". md5($random_str) ."'
              WHERE email = '". $email ."'    
              ";
$result = mysql_query($sql,$connection) or die("Couldn't execute query.");
      return $random_str;
}
?>
0
Comment
Question by:Senyonjo
  • 3
7 Comments
 
LVL 10

Accepted Solution

by:
eeBlueShadow earned 125 total points
ID: 10944449
Hi,

Normally, when you have a problem with an SQL query, a good bet is to scho it to screen in testing to see what's wrong.

If you did this in your case, I imagine you'd find that the WHERE clause is looking for a blank email address. Inside a function, variables that you set outside of the function aren't available by default. you have to declare them as global variables for them to be seen inside the function.

There are 2 solutions. The easiest is to put the line "global $email;" as the first line of the new-password function. This will work fine, but a better method would be to pass the email address as a third argument to the function. I'll try and dig out a link explaining why global variables aren't always the best idea, but either of those should work for now.
0
 
LVL 10

Expert Comment

by:eeBlueShadow
ID: 10944509
This thread on siteforums.com (http://www.sitepoint.com/forums/showthread.php?t=156431) explains the main reasons.

While none of them are likely to affect you in any way in this script, and either of my solutions above are valid, it's nothing more than a good practise to get into, because passing variables in a function's parameter list is foolproof, whereas using global variables isn't. Why waste the time to make a case by case decision about which to use?

I hope this a) fixes your problem and b) gives you a useful insight into further PHP programming,

_Blue

P.S. It's supposed to say "to echo it to screen" in my above post, if you hadn't guessed.
0
 
LVL 10

Expert Comment

by:eeBlueShadow
ID: 10944510
This thread on siteforums.com (http://www.sitepoint.com/forums/showthread.php?t=156431) explains the main reasons.

While none of them are likely to affect you in any way in this script, and either of my solutions above are valid, it's nothing more than a good practise to get into, because passing variables in a function's parameter list is foolproof, whereas using global variables isn't. Why waste the time to make a case by case decision about which to use?

I hope this a) fixes your problem and b) gives you a useful insight into further PHP programming,

_Blue

P.S. It's supposed to say "to echo it to screen" in my above post, if you hadn't guessed.
0
 
LVL 6

Assisted Solution

by:jkna_gunn
jkna_gunn earned 125 total points
ID: 10946917
also make sure that the password field can take the size of an md5 string.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Popularity Can Be Measured Sometimes we deal with questions of popularity, and we need a way to collect opinions from our clients.  This article shows a simple teaching example of how we might elect a favorite color by letting our clients vote for …
Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now